package com.wm.blog_gateway.auth;

import com.wm.blog_gateway.config.GatewayWhiteConfig;
import com.wm.blog_gateway.filter.AuthorityFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.filter.CorsFilter;

/***
 * @ClassName: WebSecurityConfig
 * @Description: gateway使用的是WebFlux
 * @Author: wm_yu
 * @Create_time: 18:03 2020-3-30
 */
@EnableWebFluxSecurity
@Configuration
public class WebSecurityConfig {

    @Autowired
    private GatewayWhiteConfig gatewayWhiteConfig;


    @Autowired
    private ServerAuthenticationSuccessHandler authSuccessHandler;

    @Autowired
    private ServerAuthenticationFailureHandler authFailureHandler;


    @Autowired
    private LogoutAuthSuccessHandler logoutAuthSuccessHandler;

    @Autowired
    private AuthorityFilter authorityFilter;


    /**
     * 没有权限时进入的方法,自定义,security
     * @return
     */
    @Bean
    public ServerAuthenticationEntryPoint authenticationEntryPoint() {
        return new CustomAuthenticationEntryPoint();
    }


    @Bean
    SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
        ServerHttpSecurity.FormLoginSpec formLoginSpec = http.csrf().disable().cors().and()
                .formLogin();
        formLoginSpec.authenticationSuccessHandler(authSuccessHandler)   //认证成功
                .loginPage("/blog/admin/login")
                .authenticationFailureHandler(authFailureHandler)  //登陆验证失败
                .and().logout()
                //登出
                .logoutUrl("/blog/admin/loginOut")
                .logoutSuccessHandler(logoutAuthSuccessHandler);   //登出成功处理
       return formLoginSpec
                .and()
                .httpBasic().disable()
                .authorizeExchange()
                //白名单接口
                .pathMatchers(gatewayWhiteConfig.getAuthWhite()).permitAll()
                .anyExchange().authenticated()
                .and().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())  //登录异常处理 ,基于http的接口请求鉴权失败
                .and()
               //配置自定义有过滤器
                .addFilterAt(authorityFilter, SecurityWebFiltersOrder.HTTP_BASIC)
                .build();
    }



}

